Use the ModSecurity Apache Module on a Cloud Server with Plesk

Leave your reply

ModSecurity is a free web application firewall (WAF) which is a simple, powerful way to protect a server against web-based malware and hacking attempts. Learn how to install ModSecurity and the officially-recommended OWASP Core Rule Set (CRS) which will protect a server against malware and hacking in the form of SQL injection, session hijacking, cross-site scripting, Trojans, and many other forms of web-based exploits.

For any Cloud Server with Plesk, administrative functions like adding and managing Apache modules should always be done using the Plesk interface.

Requirements

  • A Cloud Server with Plesk Onyx (any operating system)

This tutorial uses the Power User view. You can change the Plesk view by clicking Change View at the bottom of the column on the left.

Install ModSecurity

Log in to Plesk. Click Tools & Settings > Plesk: Updates and Upgrades.

Install ModSecurity on Plesk: Go to Updates and Upgrades

Click Add/Remove Components.

Install ModSecurity on Plesk: Add/Remove Components

Click + to expand the Web Hosting group.

Install ModSecurity on Plesk: Expand Web Hosting group

Click the arrow beside ModSecurity.

Install ModSecurity on Plesk: ModSecurity

Click Install to add ModSecurity to the install list.

Install ModSecurity on Plesk: Install

Click Continue.

Install ModSecurity on Plesk: Continue

After Plesk has finished installing the selected product, click OK to continue.

Install ModSecurity on Plesk: Click OK

Activate ModSecurity

After installing ModSecurity, return to Tools & Settings to enable it.

Install ModSecurity on Plesk: Tools & Settings

ModSecurity can now be found in the Security group. Click on Web Application Firewall (ModSecurity).

Install ModSecurity on Plesk: Web Application Firewall

Activate the Web application firewall mode.

Install ModSecurity on Plesk: Activate ModSecurity

Choose a security ruleset for ModSecurity to use. Atomic Basic ModSecurity is a good starting choice.

Install ModSecurity on Plesk: Atomic Basic

Click OK to activate ModSecurity.

Install ModSecurity on Plesk: Activate